Re-enable SMAP for VMs
Buggy Linux version is no longer present in any supported template (the last one was Debian jessie). QubesOS/qubes-issues#2881
This commit is contained in:
Marek Marczykowski-Górecki
parent
8b4a4a72b4
commit
8f38753bdb
@ -832,8 +832,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -889,8 +887,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -956,8 +952,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -1026,8 +1020,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenpvh">xenpvh</type>
|
<type arch="x86_64" machine="xenpvh">xenpvh</type>
|
||||||
@ -1096,8 +1088,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenpvh">xenpvh</type>
|
<type arch="x86_64" machine="xenpvh">xenpvh</type>
|
||||||
@ -1167,8 +1157,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -1248,8 +1236,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -1329,8 +1315,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -1431,8 +1415,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
@ -1505,8 +1487,6 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
</cpu>
|
</cpu>
|
||||||
<os>
|
<os>
|
||||||
<type arch="x86_64" machine="xenfv">hvm</type>
|
<type arch="x86_64" machine="xenfv">hvm</type>
|
||||||
|
|||||||
@ -17,8 +17,6 @@
|
|||||||
<!-- disable nested HVM -->
|
<!-- disable nested HVM -->
|
||||||
<feature name='vmx' policy='disable'/>
|
<feature name='vmx' policy='disable'/>
|
||||||
<feature name='svm' policy='disable'/>
|
<feature name='svm' policy='disable'/>
|
||||||
<!-- disable SMAP inside VM, because of Linux bug -->
|
|
||||||
<feature name='smap' policy='disable'/>
|
|
||||||
{% if vm.app.host.cpu_family_model in [(6, 58), (6, 62)] -%}
|
{% if vm.app.host.cpu_family_model in [(6, 58), (6, 62)] -%}
|
||||||
<feature name='rdrand' policy='disable'/>
|
<feature name='rdrand' policy='disable'/>
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user